General

  • Target

    9da63c8fbd118cb004ed3c04f0899c800cb752df178407a561661e14ef72a295.elf

  • Size

    32KB

  • Sample

    240419-b5kj6sec7v

  • MD5

    143739220e3511a29f0622274c0ea575

  • SHA1

    8a0f4450ac2b1fa9392203585630a13490bf75ee

  • SHA256

    9da63c8fbd118cb004ed3c04f0899c800cb752df178407a561661e14ef72a295

  • SHA512

    c66e881d223c7e4ef8a420f5e4348aa4ca4ad03564d348b2077ed38ab88a70a9da87fce1dc2d15e8f34424b7fc4c6c4275ba827a5d09b009ae4b1d04314ace4a

  • SSDEEP

    384:Kvv/RyiWJTT2zZp4gnFx54G3SjkICvxzKRpOA9gMQJ0DvwqxNAnjtd6ZYMBJAhdc:KvcZY4+IG3UBOtMMqIjtdmDa3C9j3UhM

Malware Config

Extracted

Family

mirai

Botnet

UNSTABLE

C2

jswl.bzwl888.sbs

Targets

    • Mirai

      Mirai is a prevalent Linux malware infecting exposed network devices.

    • Contacts a large number (210068) of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large number of network flows

      This may indicate a network scan to discover remotely running services.

    • Changes its process name

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.

    • Enumerates running processes

      Discovers information about currently running processes on the system.

    • Writes file to system bin folder
